roles/nginx: Only use Linode DNS resolvers for OCSP if it's a linode host

Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-11-30 17:40:32 +02:00 · 2015-11-30 17:40:32 +02:00 · 60c37821d6
commit 60c37821d6
parent 5f71991259
1 changed files with 5 additions and 0 deletions
--- a/roles/nginx/templates/https.j2
+++ b/roles/nginx/templates/https.j2
@ -19,7 +19,12 @@
    # OCSP stapling...
    ssl_stapling on;
    ssl_stapling_verify on;
+    {% if linode_id is defined %}
+    # use Linode internal DNS
    resolver 109.74.192.20 109.74.193.20;
+    {% else %}
+    resolver 8.8.8.8 8.8.4.4;
+    {% endif %}

    # nginx does not auto-rotate session ticket keys: only a HUP / restart will do so and
    # when a restart is performed the previous key is lost, which resets all previous